New pfSense install, unbound regularly stops resolving internal hostnames.
-
As per title i've got a new pfSense install, it uses the dns resolver (default)
my box name is fayers-pfsense domain is fayers-local.lan
regularly (nothing noted in logs) unbound stops giving me any results to an nslookup fayers-pfsense on my devices.
It will still happily resolve things like google though, just gives up on internal addresses, ideas?
-
I had to put my local domain & nets in the "Custom Options" box , at the bottom , else unbound would refuse resolving those.
Note i use external (local linux) DNS'es , and have unbound forward queries to those.This went into my Custom Options
server: private-domain: "mydomain.org" local-zone: "1.168.192.in-addr.arpa." transparent local-zone: "2.168.192.in-addr.arpa." transparent local-zone: "1.10.in-addr.arpa." transparent local-zone: "2.10.in-addr.arpa." transparent/Bingo
-
I had to put my local domain & nets in the "Custom Options" box , at the bottom , else unbound would refuse resolving those.
Note i use external (local linux) DNS'es , and have unbound forward queries to those.This went into my Custom Options
server: private-domain: "mydomain.org" local-zone: "1.168.192.in-addr.arpa." transparent local-zone: "2.168.192.in-addr.arpa." transparent local-zone: "1.10.in-addr.arpa." transparent local-zone: "2.10.in-addr.arpa." transparent/Bingo
Interestingā¦
but mine sometimes works, thats the thing...
-
I would look at all of the name servers configured on that clientĀ and dig to them all and see what's not working right.
-
I had to put my local domain & nets in the "Custom Options" box , at the bottom , else unbound would refuse resolving those.
Note i use external (local linux) DNS'es , and have unbound forward queries to those.This went into my Custom Options
server: private-domain: "mydomain.org" local-zone: "1.168.192.in-addr.arpa." transparent local-zone: "2.168.192.in-addr.arpa." transparent local-zone: "1.10.in-addr.arpa." transparent local-zone: "2.10.in-addr.arpa." transparent/Bingo
After adding this and changing for my network it worked for a while then stopped working again.
-
"stopped working" is not going to be enough to help you.
What name servers are configured on the client that "stops working?"
What happens when you specifically query those name servers for names that "stopped working."
Is anything interesting logged in the DNS Resolver logs?
-
"stopped working" is not going to be enough to help you.
What name servers are configured on the client that "stops working?"
What happens when you specifically query those name servers for names that "stopped working."
Is anything interesting logged in the DNS Resolver logs?
Nothing in the DNS Resolver logs.
If i dig @192.168.0.1 still have the issue
when it "stops working" on the client the only dns it has set is 192.168.0.1
I will get this in nslookup:
Server:Ā fayers-pfSense.fayers-local.lan Address:Ā 192.168.0.1 *** fayers-pfSense.fayers-local.lan can't find fayers-pfSense.fayers-local.lan: Non-existent domainOR
Server:Ā UnKnown Address:Ā 192.168.0.1 *** UnKnown can't find fayers-pfsense.fayers-local.lan: Non-existent domain -
dig output would be better than crappy nslookup.
So it is returning NXDOMAIN.
You will probably want to post your entire unbound config: /var/unbound/unbound.conf
You can try running these when problems do and do not occur to see if they help shed any light:
unbound-control -c /var/unbound/unbound.conf list_local_data
unbound-control -c /var/unbound/unbound.conf list_local_zones -
dig output would be better than crappy nslookup.
So it is returning NXDOMAIN.
Windows doesn't have dig
You will probably want to post your entire unbound config: /var/unbound/unbound.conf
You can try running these when problems do and do not occur to see if they help shed any light:
unbound-control -c /var/unbound/unbound.conf list_local_data
unbound-control -c /var/unbound/unbound.conf list_local_zonesMy config is attached to this
When it's not working on client it still works if i dig or nslookup from the router itself.
-
dig output would be better than crappy nslookup.
So it is returning NXDOMAIN.
Windows doesn't have dig
So debug from something with real tools available.
You will probably want to post your entire unbound config: /var/unbound/unbound.conf
You can try running these when problems do and do not occur to see if they help shed any light:
unbound-control -c /var/unbound/unbound.conf list_local_data
unbound-control -c /var/unbound/unbound.conf list_local_zonesMy config is attached to this
When it's not working on client it still works if i dig or nslookup from the router itself.
You should not need any custom options to do what you are doing.
Delete all of those and just use host overrides and see if things improve.
The only time you need to do special local-zones like that is when you have global name servers that return private RFC1918 answers that trip the DNS Rebinding protections.
I wonder if your host is looking up IPv6/AAAA or something that isn't present so you get NODATA or NXDOMAIN for that since you have the zone set to static.
-
I wonder if your host is looking up IPv6/AAAA or something that isn't present so you get NODATA or NXDOMAIN for that since you have the zone set to static.
This definitely seems plausible, how would I check this?
